Tokenization is an increasingly popular method of improving the security of transactions. Tokenization involves the generation of a token, or data element, that substitutes for another, possibly more sensitive, data element. For example, with regard to a payment transaction, a token may be used to as a substitute to a primary account number (PAN). Specifically, the token may be submitted by a merchant in place of the PAN to authorize a transaction. Thus, the PAN may be protected from eavesdropping during the transaction.
However, in some circumstances, it may be desirable for a merchant or other entity to de-tokenize a token to determine the corresponding PAN or other sensitive data. For example, a merchant may desire to perform analytics that track a consumer across multiple transactions, or may need to verify the identity of a consumer that conducted a transaction (e.g., for item returns). Further complicating the de-tokenization process is the possibility of multiple stages or levels of tokenization. For instance, a token generated by a first entity in a payment system may itself be tokenized by a second entity.
Embodiments of the invention address these and other problems individually and collectively.